ipsec » History » Version 3

Martin Willi, 29.09.2007 13:55
added explanations for the control commands

= ipsec =

'''ipsec''' is an umbrella command comprising a collection of individual subcommands of the form

  '''ipsec ''<command>'' [ ''<argument>'' ]  [ ''<options>'' ]'''

that can be used to control and monitor IPsec connections as well as the IKE daemons.

== Control Commands ==
'''ipsec start [ ''<starter options>'' ]'''
   calls [wiki:IpsecStarter ipsec starter] which in turn parses [wiki:IpsecConf ipsec.conf] and starts
   the IKEv1 pluto and IKEv2 charon daemons.

'''ipsec stop'''
   terminates all IPsec connections and stops the IKEv1 pluto and IKEv2 charon daemons by sending
   a ''TERM'' signal to [wiki:IpsecStarter ipsec starter].

'''ipsec restart [ ''<starter options>'' ]'''
   is equivalent to '''ipsec stop''' followed by '''ipsec start [ ''<starter options>'' ]''' after a
   guard period of 2 seconds.

'''ipsec update'''
   sends a ''HUP'' signal to [wiki:IpsecStarter ipsec starter] which in turn determines any changes
   in [wiki:IpsecConf ipsec.conf] and updates the configuration on the running IKEv1 pluto and IKEv2
   charon daemons accordingly.

'''ipsec reload'''
   sends a ''USR1'' signal to [wiki:IpsecStarter ipsec starter] which in turn reloads the
   whole configuration on the running IKEv1 pluto and IKEv2 charon daemons based on the current
   [wiki:IpsecConf ipsec.conf].

'''ipsec up  ''<name>'' '''
   tells the responsible IKE daemon to start up connection ''<name>''.

'''ipsec down  ''<name>'' '''
   tells the responsible IKE daemon to terminate connection ''<name>''.

'''ipsec route  ''<name>'' '''
   tells the responsible IKE daemon to insert an IPsec policy in the kernel for connection ''<name>''.
   The first payload packet matching the IPsec policy will automatically trigger an IKE connection setup.

'''ipsec unroute  ''<name>'' '''
   removes the IPsec policy in the kernel for connection ''<name>''.

'''ipsec status [ ''<name>'' ] '''
   returns concise status information either on connection ''<name>'' or, if the argument is omitted,
   on all connections.

'''ipsec statusall [ ''<name>'' ] '''
   returns detailed status information either on connection ''<name>'' or, if the argument is omitted,
   on all connections.

== Info Commands ==
'''ipsec version'''

'''ipsec copyright'''

'''ipsec --versioncode'''

'''ipsec --directory'''

'''ipsec --confdir'''

== List Commands ==
'''ipsec listaacerts [ --utc ]'''

'''ipsec listacerts [ --utc ]'''

'''ipsec listalgs'''
   lists all registered IKE and ESP encryption and authentication algorithms as well as the supported Diffie-Hellman groups.
   Supported by the IKEv1 pluto daemon only.

'''ipsec listcacerts [ --utc ]'''

'''ipsec listcainfos [ --utc ]'''

'''ipsec listcards [ --utc ]'''
   lists all certificates found on attached smart cards.
   Supported by the IKEv1 pluto daemon only.

'''ipsec listcrls [ --utc ]'''

'''ipsec listcerts [ --utc ]'''

'''ipsec listgroups [ --utc ]'''

'''ipsec listocsp [ --utc ]'''

'''ipsec listocspcerts [ --utc ]'''

'''ipsec listpubkeys [ --utc ]'''
   lists the cached RSA public keys.
   Supported by the IKEv1 pluto daemon only.

'''ipsec listall [ --utc ]'''

== Reread Commands ==
'''ipsec rereadaacerts'''

'''ipsec rereadacerts'''

'''ipsec rereadcacerts'''

'''ipsec rereadcrls'''

'''ipsec rereadocspcerts'''

'''ipsec rereadsecrets'''

'''ipsec secrets'''
   is equivalent to '''ipsec rereadsecrets'''.

'''ipsec rereadall'''

== Purge Commands ==
'''ipsec purgeocsp'''

== PKCS11 Proxy Commands ==
'''ipsec scencrypt'''

'''ipsec scdecrypt'''
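
The command groups above lend themselves to a least-privilege split between monitoring and administration. The shell wrapper below is an added example, not part of strongSwan or of the original page: it lets a restricted account run only the status, info and list commands and refuses everything else. The function names ipsec_ro_check and ipsec_ro, the read-only classification and the accepted character set for ''<name>'' are assumptions of this example.

```shell
# Added example, not strongSwan code. Treating status, info and list
# commands as read-only is this example's assumption, based on the
# descriptions on this page.

# ipsec_ro_check <command> [<argument>...]
# Returns 0 if the invocation is on the read-only allow-list and its
# arguments are well formed, non-zero otherwise. It never runs ipsec.
ipsec_ro_check() {
    [ "$#" -ge 1 ] || return 1
    cmd=$1
    shift
    case "$cmd" in
        status|statusall)
            # At most one connection <name>. The accepted character set is
            # a conservative choice of this example, not a strongSwan rule.
            [ "$#" -le 1 ] || return 1
            if [ "$#" -eq 1 ]; then
                case "$1" in
                    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
                esac
            fi
            return 0 ;;
        version|copyright|--versioncode|--directory|--confdir|listalgs)
            [ "$#" -eq 0 ] ;;
        listaacerts|listacerts|listcacerts|listcainfos|listcards|listcrls|\
        listcerts|listgroups|listocsp|listocspcerts|listpubkeys|listall)
            # Only the optional --utc flag is accepted.
            [ "$#" -eq 0 ] || { [ "$#" -eq 1 ] && [ "$1" = "--utc" ]; } ;;
        *)
            # The state-changing control commands, plus reread, purge,
            # PKCS11 proxy and unknown commands, are refused.
            return 1 ;;
    esac
}

# Entry point for the restricted account (hypothetical name), for example
# as the only command a sudoers rule permits.
ipsec_ro() {
    if ipsec_ro_check "$@"; then
        ipsec "$@"
    else
        echo "ipsec_ro: refused: $*" >&2
        return 126
    fi
}
```

Because the allow-list is closed, a subcommand added in a later release stays refused until it is reviewed and listed explicitly.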